> Now my company is (T) and we don't want to leak (V)'s session key.
> You may assume that our binary is protected state of the art against debugger attacks and stuff.
> So the only question is if the shared openssl library makes the tool more vulnerable?

You cannot prevent someone from changing the software that runs on their computer. You can only make it harder. Shared libraries are easier for a user to replace; static libraries are harder.